Risks

Prevalence

Common

Exploitability

Moderate

Impact

Devastating

If your user accounts get hacked easily, you quickly won’t have any users.
Ensuring strong authentication is a mix of pushing your users into good
habits, and following them yourself. Attackers are constantly trying
to find ways to bypass authentication, so you need to make sure you do not
permit any vulnerabilities.